Cannot index event publisher.Event


Miroslav M

Jun 1, 2022, 12:59:23 PM
to Wazuh mailing list
Hello, my Wazuh is killing itself. In the syslog and daemon log there is a flood and I have no clue what is happening and why:


Miroslav M

Jun 1, 2022, 2:54:42 PM
to Wazuh mailing list
I have found there was a message before those posted earlier:
..."reason":"Validation Failed: 1: this action would add [3] total shards, but this cluster currently has [1000]/[1000] maximum shards open;"}

I deleted old data and will set the ILM policy
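
A cleanup-planning sketch for the situation in this thread, added here as an example and not taken from the posts or from Wazuh: it parses the quoted rejection reason, selects daily indices older than a retention window, and builds an ILM delete policy body. The sample index listing, the 90-day retention, the function names and the assumption that the daily indices carry a `YYYY.MM.DD` suffix after the `wazuh-alerts-4.x-` / `wazuh-archives-4.x-` prefixes are illustrative.

```python
import re
from datetime import date, datetime, timedelta

# Rejection reason exactly as quoted in the thread.
REASON = ("Validation Failed: 1: this action would add [3] total shards, but "
          "this cluster currently has [1000]/[1000] maximum shards open;")
REASON_RE = re.compile(r"would add \[(\d+)\] total shards, but this cluster "
                       r"currently has \[(\d+)\]/\[(\d+)\] maximum shards open")
# Assumed daily naming: prefix + YYYY.MM.DD; anything else is left alone.
DAILY_RE = re.compile(r"^wazuh-(?:alerts|archives)-4\.x-(\d{4}\.\d{2}\.\d{2})$")

# Constructed sample of `GET _cat/indices?h=index,pri,rep` output.
SAMPLE_CAT = """\
wazuh-alerts-4.x-2022.01.10   3 0
wazuh-archives-4.x-2022.01.10 3 0
wazuh-alerts-4.x-2022.05.31   3 0
.kibana_1                     1 0
"""


def plan_cleanup(cat_text, reason, keep_days, today):
    """Return (indices_to_delete, shards_freed, new_index_fits)."""
    m = REASON_RE.search(reason)
    if not m:
        raise ValueError("not a shard-limit rejection")
    needed, open_now, limit = map(int, m.groups())
    cutoff = today - timedelta(days=keep_days)
    expired, freed = [], 0
    for line in cat_text.strip().splitlines():
        name, pri, rep = line.split()
        d = DAILY_RE.match(name)
        if d and datetime.strptime(d.group(1), "%Y.%m.%d").date() < cutoff:
            expired.append(name)
            freed += int(pri) * (1 + int(rep))  # replicas count toward the limit
    return sorted(expired), freed, open_now - freed + needed <= limit


def ilm_delete_policy(keep_days):
    """Body for PUT _ilm/policy/<name>: delete indices keep_days after creation."""
    return {"policy": {"phases": {"delete": {
        "min_age": f"{keep_days}d", "actions": {"delete": {}}}}}}


if __name__ == "__main__":
    print(plan_cleanup(SAMPLE_CAT, REASON, 90, date(2022, 6, 1)))
    print(ilm_delete_policy(90))
```

The policy only takes effect on indices whose settings reference it through `index.lifecycle.name`, so it has to be attached in the index template as well as created.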